SlideShare una empresa de Scribd logo

Embracing the IT Consumerization Imperitive

Descargar como PPT, PDF
Barry Caplin
Barry Caplin
Tecnología
1 de 23
Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
http://about.me/barrycaplin
More About Me • Native New Yorker! • 30 years in IT/ 20 years in InfoSec
Apr. 3, 2010 300K ipads 1M apps 250K ebooks … day 1!
2011 – tablet/smartphone sales exceeded PCs
The real reason we need tablets
Why are we talking about this? But really, all connected!
Business Driver?
What about…
Ineffective Controls
1 Day
5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
Security Challenges Devices: •Exposure of data •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
BYOD Security Solutions • Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
DHS view - POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
Software Security Solutions • Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness
Embracing the IT Consumerization Imperitive

Recomendados

Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureFacundo Mauricio
 
Top Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseTop Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseHawley Troxell
 
Mobile Practice Management
Mobile Practice ManagementMobile Practice Management
Mobile Practice ManagementClio - Cloud-Based Legal Technology
 
Krishna kumar singh
Krishna kumar singhKrishna kumar singh
Krishna kumar singhkrishnakumarkrishnak3
 
Com 300 dl
Com 300 dlCom 300 dl
Com 300 dlchiameity
 

Recomendados

Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
IoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureIoT & Big Data - A privacy-oriented view of the future
IoT & Big Data - A privacy-oriented view of the futureFacundo Mauricio
 
Top Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseTop Ten IT Legal Issues for the Enterprise
Top Ten IT Legal Issues for the EnterpriseHawley Troxell
 
Mobile Practice Management
Mobile Practice ManagementMobile Practice Management
Mobile Practice ManagementClio - Cloud-Based Legal Technology
 
Krishna kumar singh
Krishna kumar singhKrishna kumar singh
Krishna kumar singhkrishnakumarkrishnak3
 
Com 300 dl
Com 300 dlCom 300 dl
Com 300 dlchiameity
 
Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Lisa Marchand
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risksrisksmith
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawJamesDiffin
 
A Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyA Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyLaguna State Polytechnic University
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developersanilramnanan
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
04 privacy
04 privacy04 privacy
04 privacyEsmhel Briones
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveChristi Williams (Keating)
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_shTomppa Järvinen
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesJohn Mancini
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise ITJohn Mancini
 
The Data Ethical Company
The Data Ethical CompanyThe Data Ethical Company
The Data Ethical CompanyPernille Tranberg 🍀
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbMicheleNati
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalDavid Cass
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...Andris Soroka
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 

Más contenido relacionado

La actualidad más candente

Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Lisa Marchand
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risksrisksmith
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawJamesDiffin
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)YUSRA FERNANDO
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developersanilramnanan
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breachBaltimax
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveChristi Williams (Keating)
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_shTomppa Järvinen
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesJohn Mancini
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise ITJohn Mancini
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbMicheleNati
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalDavid Cass
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 

La actualidad más candente (20)

Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?Digital Accessibility - Section 508 Refresh: Now What?
Digital Accessibility - Section 508 Refresh: Now What?
 
Cyber and Data Risks
Cyber and Data RisksCyber and Data Risks
Cyber and Data Risks
 
Mobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the LawMobile Technologies, BYOD and the Law
Mobile Technologies, BYOD and the Law
 
A Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information TechnologyA Case Study on Issues and Violations on Information Technology
A Case Study on Issues and Violations on Information Technology
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital Era
 
Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)Chp 05 anonymity, security, privacy and civil liberties (shared)
Chp 05 anonymity, security, privacy and civil liberties (shared)
 
Data ethics for developers
Data ethics for developersData ethics for developers
Data ethics for developers
 
How to safe your company from having a security breach
How to safe your company from having a security breachHow to safe your company from having a security breach
How to safe your company from having a security breach
 
04 privacy
04 privacy04 privacy
04 privacy
 
How To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay ProductiveHow To Enable a Remote Workforce & Stay Productive
How To Enable a Remote Workforce & Stay Productive
 
Service goes accessible_2013_sh
Service goes accessible_2013_shService goes accessible_2013_sh
Service goes accessible_2013_sh
 
Everything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three SlidesEverything You Need to Know About Enterprise IT in Three Slides
Everything You Need to Know About Enterprise IT in Three Slides
 
Wake up, Enterprise IT
Wake up, Enterprise ITWake up, Enterprise IT
Wake up, Enterprise IT
 
The Data Ethical Company
The Data Ethical CompanyThe Data Ethical Company
The Data Ethical Company
 
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrbIoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
IoTMeetupGuildford#12: Tirath Bansal - Independent Private Collaboration - myOrb
 
IS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_FinalIS and the Innovator's Dilemma DCass_Final
IS and the Innovator's Dilemma DCass_Final
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 

Similar a Embracing the IT Consumerization Imperitive

DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...Andris Soroka
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesThe Lorenzi Group
 
Isc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeIsc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeLenin Aboagye
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 
Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Priyanka Aash
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about themBen Rothke
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Peter Wood
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
 
Data Protection, Humans and Common Sense
Data Protection, Humans and Common SenseData Protection, Humans and Common Sense
Data Protection, Humans and Common Senseusbcopynotify
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io
 
Data Quality Success Stories
Data Quality Success StoriesData Quality Success Stories
Data Quality Success StoriesDATAVERSITY
 
Identity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityIdentity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityBen Boyd
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19TechSoup
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big dataDez Blanchfield
 

Similar a Embracing the IT Consumerization Imperitive (20)

DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
DSS ITSEC CONFERENCE - Spector360 as productivity and security tool - Riga NO...
 
Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR ExecutivesDigital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery & Technology Risks for HR Executives
 
Isc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagyeIsc(2) eastbay-lenin aboagye
Isc(2) eastbay-lenin aboagye
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...Shadow it risks & control managing the unknown unknowns in the deep &...
Shadow it risks & control managing the unknown unknowns in the deep &...
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Mobile security blunders and what you can do about them
Mobile security blunders and what you can do about themMobile security blunders and what you can do about them
Mobile security blunders and what you can do about them
 
Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)Big Data and Security - Where are we now? (2015)
Big Data and Security - Where are we now? (2015)
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
 
Data Protection, Humans and Common Sense
Data Protection, Humans and Common SenseData Protection, Humans and Common Sense
Data Protection, Humans and Common Sense
 
Where IT's At 2012
Where IT's At 2012Where IT's At 2012
Where IT's At 2012
 
Internal social media: risks and added value
Internal social media: risks and added valueInternal social media: risks and added value
Internal social media: risks and added value
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data PrivacyFalcon.io | 2021 Trends Virtual Summit - Data Privacy
Falcon.io | 2021 Trends Virtual Summit - Data Privacy
 
Data Quality Success Stories
Data Quality Success StoriesData Quality Success Stories
Data Quality Success Stories
 
Identity - The Cornerstone of Information Security
Identity - The Cornerstone of Information SecurityIdentity - The Cornerstone of Information Security
Identity - The Cornerstone of Information Security
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07
 
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19Webinar - Compliance with the Microsoft Cloud- 2017-04-19
Webinar - Compliance with the Microsoft Cloud- 2017-04-19
 
Recent developments in data analytics and big data
Recent developments in data analytics and big dataRecent developments in data analytics and big data
Recent developments in data analytics and big data
 

Más de Barry Caplin

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare securityBarry Caplin
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Barry Caplin
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503Barry Caplin
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusBarry Caplin
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - PasswordsBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?Barry Caplin
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and CyberbullyingBarry Caplin
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13Barry Caplin
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Barry Caplin
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self DefenseBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso saysBarry Caplin
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11Barry Caplin
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental InsiderBarry Caplin
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsBarry Caplin
 
How to be a Tech-Smart Parent
How to be a Tech-Smart ParentHow to be a Tech-Smart Parent
How to be a Tech-Smart ParentBarry Caplin
 
Internet Safety for Families and Children
Internet Safety for Families and ChildrenInternet Safety for Families and Children
Internet Safety for Families and ChildrenBarry Caplin
 

Más de Barry Caplin (20)

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from Venus
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - Passwords
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and Cyberbullying
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self Defense
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso says
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental Insider
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social Networks
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refs
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
 
How to be a Tech-Smart Parent
How to be a Tech-Smart ParentHow to be a Tech-Smart Parent
How to be a Tech-Smart Parent
 
Internet Safety for Families and Children
Internet Safety for Families and ChildrenInternet Safety for Families and Children
Internet Safety for Families and Children
 

Último

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 

Último (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 

Embracing the IT Consumerization Imperitive

  • 1.
  • 2. Embracing the IT Consumerization Imperative Barry Caplin CISO MN Dept. of Human Services barry.caplin@state.mn.us bc@bjb.org, @bcaplin, +barry caplin
  • 4. More About Me • Native New Yorker! • 30 years in IT/ 20 years in InfoSec
  • 5.
  • 6. Apr. 3, 2010 300K ipads 1M apps 250K ebooks … day 1!
  • 7. 2011 – tablet/smartphone sales exceeded PCs
  • 8. The real reason we need tablets
  • 9. Why are we talking about this? But really, all connected!
  • 13. 1 Day
  • 14. 5 Stages of Tablet Grief • Surprise • Fear • Concern • Understanding • Evangelism
  • 15. Security Challenges Devices: •Exposure of data •Leakage of data – sold, donated, tossed, repaired drives •Malware But don’t we have all this now???
  • 16. Consumer App Security • “non-standard” software a challenge • Vetting, updates/patches, malware • No real 3rd party agreements • Privacy policies, data ownership • SOPA/PIPA/CISPA
  • 17. Legal (IANAL) • Privacy – exposing company data • Litigation hold – on 3rd party services • Separation – what’s on Dropbox? • Copyright, trademark, IP? • How do you?: – Get data from a 3rd party service?
  • 18. BYOD Security Solutions • Sync – Network or OTA • VDI – Citrix or similar • Containerization – Sandbox, MAM • Direct Connection – Don’t!
  • 19. DHS view - POE • Policy • Guest wireless • Supervisor • FAQs for approval users/sups • Citrix only • Metrics • No Gov't records • $ - not yet on POE (unencrypted) • 3G/4G or wired
  • 20. Software Security Solutions • Policy – Examine existing – augment • Process – Vetting, updates, malware • 3rd party agreements – where possible • Data classification/labeling • PIE – pre-Internet encryption
  • 21. CoIT Nirvana • Any, Any, Any – work, device, where • Be nimble • Data stays “home”++ • Situational awareness
  • 22. Key Points • Business Need – Partner internally • BYOD, Consumer apps, or both? • Policy, Technical, Financial aspects • Watch the data • Make easy for users • Education/Awareness

Notas del editor

  1. IT Consumerization is a major buzz-phrase
  2. 1. Check out my about.me, with links to twitter feed and Security and Coffee blog. 2. More about me… including the most important thing…
  3. Mobile/portable devices are not new. Then an event occurred that changed the game… IBM “Portable” 5155, $4225, 30 lbs, 4.77MHz 8088; Apple Newton; AppleBook; original ThinkPad; 1 st gen android; Palm III; early Blackberry
  4. 1 st iPad, 4/3/2010. 300K iPads sold, 1M apps, 250K ebooks downloaded on the first day. Features, form factor, intuitive use made it the people’s choice.
  5. 1. mid-2011 tipping point 2. By early 2012, 50% of US mobile users use a smartphone
  6. 2012 survey of IT leaders – Mobile is #1 tech impact But Cloud is 2, CoIT 3 and Social 4 – all connected
  7. The devices are hot and driving the space, but it’s really about the ability to have mobility – to bring the product or service to the consumer/customer. Not just “flavor of the week”.
  8. Just say no is not a viable IT or Security strategy or response. We must partner with the business/user to provide what is needed. Just say no is an…
  9. If your organization is saying “just say no” to consumer devices and apps, then they are already in your environment Take opportunity to partner, lead and add value.
  10. 2.5 years ago Story of call from lawyer about iPads in a meeting This lead to…
  11. Quickly moved to last stage – evangelism Now security is dragging other groups kicking and screaming into the present. Security is leading and adding value.
  12. Exposure is device in hand – eavesdropping, MitM Leakage is device is gone. We have all this already. Datalossdb.org and Accidental Insider. 10% of 2 nd -hand drives bought had company/private data. StarTrib malware.
  13. 1. Similarly, we have had software issues – local admin, devs, etc. can’t enumerate badness. If the service is free, we are the product not the customer.
  14. Be sure to include legal Information Discovery, Litigation Hold are big issues.
  15. Now for solutions – 4 general categories for devices Containerization includes Enterprise App Store
  16. Extensible policy; Citrix (no remnants); looking at containerization; guest wireless/wired; not yet considering $ (reimbursement/stipend) Gartner says at least 3-5 years for financial payoff.
  17. Policy already mentioned Working on process to more seamlessly allow consumer apps Know your data classifications PIE great for online storage, file sharing.
  18. Partner; Lead; Add value Good user experience is key
  19. Users are changing; expectations are changing; keep “eyes on the prize”; partner, solve problems, and add value